Privacy Policy

This Privacy Policy applies to:

• Visitors to our website, including depositguard.com
• People who contact us for support or feedback.
• People who complete our surveys.
• Users who create an account and use the Service to document properties and generate reports.

Our Service is intended for adults who are renting property in the UK. It is not intended for children under 18.

We aim to collect only the data we need to provide the Service effectively and securely.

Account data

• Name
• Phone number
• Email address
• Password (stored as a hashed value, never in plain text)

Property and report data

When you create a property record and condition report, we process:

• Property address and descriptive details (e.g. flat/house, move-in date, notes)
• Room names and types (e.g. kitchen, bedroom, hallway, garden)
• Photos you capture through the in-app camera, including:
  
  • Image files
  • Time and date each photo was taken (EXIF/device timestamp)
  • Server upload timestamp
  • Your text notes/annotations about each photo
• Generated PDF reports (which include your photos, notes, property details, timestamps and report metadata)

Support and communication data

• Messages you send to our support team (email or in-app help)
• Any additional information you choose to share (e.g. screenshots, descriptions of issues)

When you use the Service, we may automatically collect:

• Your IP address
• Device and browser information (type, version, operating system)
• Log data (pages visited, actions taken, dates/times, error messages)
• Basic analytics data (e.g. number of properties created, number of photos per report, performance metrics)

We may use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Measure how the Service is used and improve performance
  

Where required by law (e.g. for non-essential analytics cookies), we will ask for your consent via a cookie banner and/or Cookie Policy. You can manage your cookie preferences through your browser settings and, where available, in our cookie banner.

We do not intentionally collect special category data (such as data about your health, religion, or ethnicity). However, photos you capture inside a property could sometimes incidentally reveal sensitive information (e.g. documents or personal items in the background). We ask you not to photograph anything that reveals more personal information than necessary to document the condition of the property.

Under UK GDPR and EU GDPR, we must have a legal basis for using your data. We rely on the following:

We process your data as necessary to:

• Create and manage your account
• Allow you to define properties and rooms, capture photos and notes, and generate reports
• Store your reports and make them available in your dashboard
• Provide core functionality such as offline capture and background syncing
  

Legal basis: Article 6(1)(b) – performance of a contract with you.

4.2 To maintain security and prevent fraud

We process certain data to:

• Ensure photo timestamps are consistent and detect potential manipulation (e.g. server vs. device timestamp mismatch logging)
• Monitor and protect the Service against abuse, bugs and attacks
• Keep audit logs for technical and security purposes
  

Legal basis: Article 6(1)(f) – our legitimate interest in maintaining a secure and trustworthy platform.

4.3 To improve and monitor the Service

We may use analytics to understand how the Service is used, for example:

• Performance and reliability metrics
• Usage patterns (e.g. average photos per report, average report generation time)
  

Legal basis:

• Article 6(1)(f) – our legitimate interest in improving and optimising the Service; and
• Where required by ePrivacy/PECR (e.g. for non-essential cookies), your consent under Article 6(1)(a).

4.4 To communicate with you

We may send you:

• Service messages about your account or reports (e.g. email verification, password reset, report completion)
• Important updates about security, privacy or terms
• Occasional reminders directly related to ensuring the accuracy of your report
  

Legal basis:

• Article 6(1)(b) – performance of the contract (essential service communications)
• Article 6(1)(f) – our legitimate interest in keeping users informed about important changes to the Service
  

If we ever send direct marketing (e.g. news or offers unrelated to an ongoing tenancy report), we will do so only where permitted by law and will always provide an unsubscribe option.

4.5 To comply with legal obligations

We may process and retain certain data to comply with:

• Applicable laws and regulations
• Requests from law enforcement or regulatory bodies, where lawful and appropriate
• Accounting, auditing and record-keeping requirements
  

Legal basis: Article 6(1)(c) – compliance with a legal obligation.

We do not sell your personal data. We may share your data with:

5.1 Service providers (processors)

We use trusted third-party providers to help us run the Service, for example:

• Cloud hosting and storage (e.g. infrastructure providers where your data and images are securely stored)
• Email delivery services (for verification emails, password resets, notifications)
• Error monitoring and logging tools
• Analytics providers
  

These providers act as processors and are only allowed to process your data on our instructions. We require them to protect your data and to comply with data protection laws.

5.2 Professional advisers

We may share data with lawyers, auditors, insurers or other professional advisers where necessary, for example in connection with legal claims or compliance.

5.3 Legal and law enforcement

We may disclose your data where we believe in good faith that it is necessary to:

• Comply with a legal obligation or valid legal request
• Protect your vital interests or those of another person
• Establish, exercise or defend legal claims
• Prevent or detect crime or fraud

5.4 Business transfers

If Deposit Guard is involved in a merger, acquisition, restructuring or sale of assets, your data may be transferred as part of that transaction. We will ensure any new owner continues to respect this Privacy Policy or provides equivalent protections, and we will notify you where required by law.

5.5 Sharing reports

We do not automatically share your reports with landlords, agents or third parties. You control who you share your reports with (for example, sending a report to your landlord or deposit scheme).

Our primary infrastructure is intended to be hosted in regions that support compliance with UK/EU data-residency requirements (for example, EU/UK data centres).

If we transfer your personal data outside the UK and/or EEA (for example, to a service provider in another country), we will ensure appropriate safeguards are in place, such as:

• An adequacy decision by the UK or European Commission, or
• Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or similar approved mechanisms.
  

You can contact us for more details about the safeguards we use for international transfers.

Our primary infrastructure is intended to be hosted in regions that support compliance with UK/EU data-residency requirements (for example, EU/UK data centres).We keep your personal data only as long as reasonably necessary for the purposes described in this Policy, including for the establishment, exercise or defence of legal claims, or as required by law.

7.1 Account and profile data

• We keep your account data (e.g. email, hashed password) while your account is active.
• If you close your account, we will generally delete or anonymise your account data within a reasonable period, except where we need to retain some data for legal or regulatory purposes.

7.2 Property data, photos and reports

Your condition reports are a key part of the Service and may be needed as evidence in tenancy deposit disputes.

• Within the app, completed reports are locked and cannot be edited or regenerated, to preserve their integrity.
  

• We normally retain your reports while your account remains active so that you can access them whenever you need them (for example, when moving out or dealing with a dispute).
  

• If you request deletion of a report or your entire account, we will either delete or anonymise the relevant data, unless we have a compelling legitimate reason or legal obligation to retain certain information (for example, to defend legal claims or comply with law).

7.3 Logs and analytics data

Technical logs and analytics data are kept for limited periods that allow us to troubleshoot issues, improve the Service and maintain security. Where possible, analytics data is aggregated or anonymised so that it can no longer identify you.

We take security seriously and use appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS) and at rest for key data stores
• Access controls and role-based permissions for staff
• Audit logging for privileged actions and admin access
• Regular monitoring of system performance and error rates
• Disaster recovery and backup procedures designed to protect against data loss
  

No system is ever perfectly secure, but we work to maintain a high level of security and to quickly address issues when they arise. You are responsible for keeping your password confidential and for choosing a strong, unique password for your Deposit Guard account.

Depending on where you live (e.g. UK or EEA), you have several rights under data protection law. These include:

1. Right of access – You can ask for a copy of the personal data we hold about you.
   
   
2. Right to rectification – You can ask us to correct inaccurate or incomplete data.
   
   
3. Right to erasure – You can ask us to delete your personal data in certain circumstances (for example, where it is no longer needed or you withdraw consent and there is no other legal basis).
   
   
4. Right to restrict processing – You can ask us to restrict how we use your data in certain circumstances.
   
   
5. Right to data portability – You can ask for your data in a structured, commonly used, machine-readable format and have it transmitted to another controller, where technically feasible.
   
   
6. Right to object – You can object to processing based on our legitimate interests or to direct marketing.
   
   
7. Right to withdraw consent – Where we rely on your consent (e.g. for certain cookies or marketing), you can withdraw that consent at any time.
   
   
8. Right to lodge a complaint – You can complain to your local data protection authority, including the ICO in the UK.
   
   

To exercise any of these rights, please contact us. We may need to verify your identity before responding to your request.

Our Service is intended for adults who are renting property. We do not knowingly collect personal data from children under 18. If you believe a child under 18 has provided us with personal data, please contact us and we will take appropriate steps to delete such data.

Our website or emails may contain links to third-party websites or services. These sites have their own privacy policies, and we are not responsible for their practices. We recommend you review those policies before providing any personal data to third parties.

We may update this Privacy Policy from time to time to reflect changes in our Service, legal requirements or other factors.

When we make material changes, we will:

• Update the “Last updated” date at the top of this page, and
• Take reasonable steps to inform you, for example via in-app messages or email.
  

We encourage you to review this Policy periodically to stay informed about how we protect your data.

If you have any questions about this Privacy Policy or how we use your personal data, please contact us.

‍

Last updated: February 9, 2026.

‍